ENISA Issues Guides on Incident Reporting

Shepherding National Telecoms Through Reporting Requirements
ENISA Issues Guides on Incident Reporting

The European Union's cybersecurity agency, ENISA, issued two technical guidelines Tuesday that describe how to implement the required cybersecurity incident reporting scheme for telecom operators and specific security measures telecom operators should take when a cyber incident occurs.

See Also: Webinar | Prevent, Detect & Restore: Data Security Backup Systems Made Easy

Udo Helmbrecht, executive director of the European Network and Information Security Agency, said in a statement announcing the new guidance that incident reporting and minimal security measures are important tools to provide consumers, businesses and governments confidence in the security of telecommunication services. "After the recent Diginotar case," he said, "there is also growing support for broadening the scope of this kind of legislation beyond the telecom sector."

Diginotar was a Dutch company driven into bankruptcy in September after hackers deceived the subsidiary of Vasco Data Security International into issuing fraudulent digital certificates (see DigiNotar Declares Bankruptcy).

The guidance shepherds national telecom regulatory authorities through two types of incident reporting required by European Union law: the annual summary reporting of significant incidents to ENISA and the European Community and the ad hoc notification of incidents to other national telecom regulatory authorities in case of cross-border incidents.

The incident reporting guidelines defines the scope of incident reporting, the incident parameters and thresholds. It also contains a reporting template for submitting incident reports to ENISA and the EC, and explains how reports will be processed by ENISA.

The guideline for minimum security measures advices national telecom regulatory on the minimum security measures that telecom operators should take to ensure security of these networks.

About the Author

Information Security Media Group

Information Security Media Group (ISMG) is the world's largest media company devoted to information security and risk management. Each of its 34 media sites provides relevant education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Its yearly global summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.